<?php
 /*****************************************************************************
 * files.php                                                                  *
 * Last Modified: 2007-06-07                                                  *
 *                                                                            *
 * files.php allows an administrator to upload, download, or delete files     *
 * associated with all customer ID's.                                         *
 *                                                                            *
 * BBG_Billing, a PHP application using MySQL for creating and maintaining a  *
 * contacts and invoices database.                                            *
 *                                                                            *
 * @copyright Copyright (C) 2007, Bugs Bee Gone Computer Services             *
 * @owner     Daniel Barnett (Bugs Bee Gone Computer Services)                *
 * @author    Daniel Barnett <dbarnett@bugsbeegone.com>                       *
 * @website   http://www.bugsbeegone.com                                      *
 * @license   http://www.gnu.org/licenses/gpl.html GNU General Public License *
 * @package   BBG_Billing                                                     *
 * @name      files.php                                                       *
 * @version   1.0.0                                                           *
 *                                                                            *
 * This file is part of the "BBG_Billing" PHP application.                    *
 *                                                                            *
 * BBG_Billing is free software; you can redistribute it and/or modify        *
 * it under the terms of the GNU General Public License as published by       *
 * the Free Software Foundation; either version 2 of the License, or          *
 * (at your option) any later version.                                        *
 *                                                                            *
 * BBG_Billing is distributed in the hope that it will be useful,             *
 * but WITHOUT ANY WARRANTY; without even the implied warranty of             *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the              *
 * GNU General Public License for more details.                               *
 *                                                                            *
 * You should have received a copy of the GNU General Public License          *
 * along with BBG_Billing; if not, write to the Free Software                 *
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA *
 *****************************************************************************/


  // Require session.php for user access control
  require "include/session.php";

  // If user is not logged in, redirect to main.php
  if(!$session->logged_in) {
      header("Location: main.php");
      exit();
  }

  // If user is not an administrator, redirect to main.php
  if(!$session->isAdmin()) {
      header("Location: main.php");
      exit();
  }

  echo '<?xml version="1.0" encoding="utf-8"?>' . "\n";
  echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">' . "\n";

  echo '<html xmlns="http://www.w3.org/1999/xhtml">' . "\n";
?>

<head>
    <title>Bugs Bee Gone - Billing - File Manager</title>
    <meta name="ROBOTS" content="NOODP, NOFOLLOW" />
    <meta name="GOOGLEBOT" content="NOODP, NOFOLLOW" />
    <link href="files.css" type="text/css" rel="stylesheet" />
</head>

<body>
    <p>Bugs Bee Gone</p>
    <p style="font-weight:normal;"><a href="billing.php">Billing</a> -> File Manager<br />&nbsp;<br />

<?php
    // Require config.inc.php for configuration variables
    require_once "config.inc.php";

    // Connect to MySQL
    mysql_connect($path, $username, $password);
    // Select the database, if error die with error message
    @mysql_select_db($database) or die("Unable to select database.<br />" . mysql_error());

    // Define MySQL query to retrieve the list of files
    $query = "SELECT * FROM tblSysInfo ORDER BY customerID, name ASC";

    // Execute the MySQL query, if error die with error message
    $result = mysql_query($query) or die('Error, query failed<br />' . mysql_error());

    // Determine number of rows returned by the MySQL query
    $num = mysql_numrows($result);

    // Close the connection
    mysql_close();

    // If no rows were returned by the query, output a message...
    if($num == 0) {
        echo "Database is empty <br>";
    //If rows were returned by the query, output the rows in table format...
    } else {
        echo '<table width="75%" cellspacing="0" cellpadding="2" align="center" style="border-style:none; text-align:center;">' . "\n";
            echo '<tr>' . "\n";
                echo '<th>File Name</th>' . "\n";
                echo '<th>Customer ID</th>' . "\n";
                echo '<th>Delete</th>' . "\n";
            echo '</tr>' . "\n";

        $i = 0;
        while ($i < $num) {
            $key = mysql_result($result,$i,"key");
            $customerID = mysql_result($result,$i,"customerID");
            $name = mysql_result($result,$i,"name");

            echo '<tr>' . "\n";
                echo '<td class="border">' . "\n";
                    echo '<a href="download.php?id=' . $key . '">' . $name . '</a>' . "\n";
                echo '</td>' . "\n";

                echo '<td class="border">' . "\n";
                    echo '<a href="viewContact.php?customerID=' . $customerID . '">' . $customerID . '</a>' . "\n";
                echo '</td>' . "\n";

                echo '<td class="border">' . "\n";
                    echo '<a href="confirmDeleteFile.php?key=' . $key . '">Delete</a>' . "\n";
                echo '</td>' . "\n";
            echo '</tr>' . "\n";

        // Increment $i by 1
        $i++;
        }  // End while($i < $num)

        echo '</table>' . "\n";
    }  // End if($num == 0)
?>

    <br /><hr />

    <div style="text-align: center;">
    <p>Upload New File:</p>

    <form action="upload.php" method="post" enctype="multipart/form-data">
        <input type="hidden" name="MAX_FILE_SIZE" value="2000000" />

        <table width="450" border="0" cellpadding="1" cellspacing="1" class="box">
            <tr>
                <td width="110">
                    Customer ID:
                </td>

                <td width="340">
                    <select name="customerID">
                        <option value=""></option>
				<?php
                            // Connect to MySQL
                            mysql_connect($path, $username, $password);
                           // Select the database, if error die with error message
                           @mysql_select_db($database) or die("Unable to select database.<br />" . mysql_error());

                           // Define MySQL query to retrieve all of the contacts
                           $query = "SELECT * FROM tblContacts ORDER BY lastName, firstName, customerID ASC";

                           // Execute MySQL query, if error die with error message
                           $result = mysql_query($query) or die(mysql_error());

                           // Determine the number of rows returned
                           $num = mysql_numrows($result);

                           // Close the connection
                           mysql_close();

                           // Declare the incrementor and initialize to 0
                           $j = 0;
						
                           // Cycle through loop while $j is less than $num
                           while($j < $num) {
                               // Define data variables
                               $customerID = mysql_result($result,$j,"customerID");
                               $company = mysql_result($result,$j,"company");
                               $firstName = mysql_result($result,$j,"firstName");
                               $lastName = mysql_result($result,$j,"lastName");

                               // If company != NULL...
                               if($company != "") {
                                   // Output company name then the last name and first name
                                   echo '<option value="' . $customerID . '">' . $company . ' - ' . $lastName . ', ' . $firstName . '</option>' . "\n";
                               // If the company is NULL...
                               } else {
                                   // Output the last name and first name
                                   echo '<option value="' . $customerID . '">' . $lastName . ', ' . $firstName . '</option>' . "\n";
                               }

                               // Increment the incrementor by 1
                               $j++;
                           }  // End while($j < $num)
                       ?>
			</select>
                </td>
            </tr>

            <tr>
                <td width="110">
                    File:
                </td>

                <td width="340">
                    <input name="userfile" type="file" id="userfile" />
                </td>
            </tr>

            <tr>
                <td colspan="2" width="100%" style="text-align:center;">
                    <input name="upload" type="submit" class="box" id="upload" value=" Upload " />
                </td>
            </tr>
        </table>
    </form>
    </div>
 
</body>
</html>
